[clamav-users] Daily 23161 broke Clam

Sat Mar 4 15:32:44 UTC 2017

On 03/03/17 23:53, Scott Kitterman wrote:
> As far as I can tell, pcre 7 came out before 2008.  I think a decade is enough
> time to insist people upgrade.
>
> Scott K
>

Red Hat typically now supports each release of RHEL for at least a 
decade, and that's not including any additional extended support periods 
one may purchase from Red Hat in addition to the standard production 
lifespan, so in a Red Hat world, I would say a decade is the *minimum* 
period one should support dependent libs if you want your software used 
on that platform.

RHEL5 may reach end of production on 31 March 2017 but extended 
life-cycle support continues until 30 Nov 2020, so preferably support 
for pcre-6 should continue until then.

https://access.redhat.com/support/policy/updates/errata#Life_Cycle_Dates

A huge number of mail admins want to install a RH mail server and forget 
about it for 10+ years knowing it is supported and will just work, and 
that things aren't going to continually break with each and every 
update. I'm currently in the process of installing a new mail server to 
replace a RHEL5 server, initially set up in 2007, and only because RHEL5 
is EOL. The same hardware (touch wood) is still going strong and hasn't 
missed a beat in 10 years. If I could afford the extended support from 
RH I'd probably let it run for another 3 years.

So your opinion on this will be influenced by your perspective. I would 
argue that RHEL has a large enough installed userbase to warrant 
supporting it for at least it's 10 year production life-cycle.

> On Friday, March 03, 2017 11:21:30 PM Joel Esler wrote:
>> If we required pcre 7, it would allow us to publish this kind of sig in the
>> future of 99.3 and high versions by requiring a certain "flevel".
>>
>> --
>> Sent from my iPhone
>>
>>> On Mar 3, 2017, at 18:18, Chris Conn <cconn at abacom.com> wrote:
>>>
>>> Hello,
>>>
>>> Looks like my off-list email went on the list LOL.  So much for not making
>>> noise.  Woops.
>>>
>>> If the 0.99.3 or whatever later version where this would be implemented
>>> requires PCRE 7, would that break database updates for versions that have
>>> not upgraded if this pcre format is re-used in the future, or would it
>>> simply disable pcre support in previous version of clamd that have not
>>> been upgraded?
>>>
>>> Thanks,
>>>
>>> Chris
>>>
>>>> On 3/3/2017 6:13 PM, Joel Esler (jesler) wrote:
>>>> A new daily with the Sig dropped.
>>>>
>>>> Probably what we will do to prevent this from happening again, is to have
>>>> 0.99.3 (the upcoming version) require pcre 7.
>>>>
>>>> How does that sound?
>>>>
>>>> --
>>>> Sent from my iPhone
>>>>
>>>>> On Mar 3, 2017, at 18:08, Chris Conn <cconn at abacom.com> wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> I hope you don't mind my contact off-list, I don't want to make noise on
>>>>> it for all.  Apologies.
>>>>>
>>>>> This new build, are we talking about a daily.cvd (23162?) or a new build
>>>>> of clam/pcre?
>>>>>
>>>>> Thanks again in advance for your help,
>>>>>
>>>>> Chris
>>>>>
>>>>>> On 3/3/2017 4:00 PM, Alain Zidouemba wrote:
>>>>>> We are coming to the same conclusions.
>>>>>>
>>>>>> The issue seem to isolated to using pcre libraries older than 7.0. I
>>>>>> does
>>>>>> not affect users of newer versions of pcre or users of pcre2.
>>>>>>
>>>>>> A new build with the fix is in progress now.
>>>>>>
>>>>>> Apologies for the impact this has caused.
>>>>>>
>>>>>> Alain
>>>>>>
>>>>>> On Fri, Mar 3, 2017 at 2:34 PM, Steve Basford <
>>>>>>
>>>>>> steveb_clamav at sanesecurity.com> wrote:
>>>>>>>> On Fri, March 3, 2017 7:20 pm, Alain Zidouemba wrote:
>>>>>>>> We're pulling the signature causing the issue now, while we
>>>>>>>> investigate
>>>>>>>> the cause.
>>>>>>>>
>>>>>>>> - Alain
>>>>>>>
>>>>>>> Hi Alain,
>>>>>>>
>>>>>>> I think the fix is... Replace ? with ?P  when the PCRE library is old
>>>>>>>
>>>>>>> ie.  ?< to ?P<
>>>>>>>
>>>>>>> On...
>>>>>>>
>>>>>>> Doc.Macro.GenericHeuristic-5901772-0
>>>>>>> Doc.Macro.GenericHeuristic-5931846-1
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Steve
>>>>>>> Twitter: @sanesecurity
>>>>>>>